public inbox for linux-ia64@vger.kernel.org
 help / color / mirror / Atom feed
* writing to "/proc/irq/xxxx/smp_affinity" produces a kernel crash
@ 2004-08-17 12:50 Francois Wellenreiter
  2004-08-17 13:07 ` David Mosberger
  0 siblings, 1 reply; 2+ messages in thread
From: Francois Wellenreiter @ 2004-08-17 12:50 UTC (permalink / raw)
  To: linux-ia64



				Dear all,

	Apparently a little bug was introduced in 2.6.7 kernel dealing with IRQ
redirection managemant via proc filesystem.
The behavior is quite simple, just type :

echo "r 00000001" > /proc/irq/{xy}/smp_affinity

where {xy} is a valid irq, and your kernel will crash.

The bug is located in the file arch/ia64/kernel/irq.c , function 
irq_affinity_write_proc,
at the following line we set a value called irq :
__________________

         if (copy_from_user(rbuf, buffer, rlen))
                 return -EFAULT;
         rbuf[rlen] = 0;
         prelen = 0;
         if (tolower(*rbuf) = 'r') {
                 prelen = strspn(rbuf, "Rr ");
                 irq |= IA64_IRQ_REDIRECTED; <----- IA64_IRQ_REDIRECTED
= 1<31 !!!!!
         }

__________________

and later it is written :
__________________

         spin_lock_irqsave(&desc->lock, flags);
         pending_irq_cpumask[irq] = new_value; <----- code generating a 
fatal page fault
         spin_unlock_irqrestore(&desc->lock, flags);
__________________


reading this code, a trouble clearly exists around the irq notion.
The "irq" corresponding to irq number programmed in IOSAPIC
(taking into account the IA64_IRQ_REDIRECTED bit) is mixed with the
the irq index in the irq_affinity table.

Best regards,


				Francois WELLENREITER



^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: writing to "/proc/irq/xxxx/smp_affinity" produces a kernel crash
  2004-08-17 12:50 writing to "/proc/irq/xxxx/smp_affinity" produces a kernel crash Francois Wellenreiter
@ 2004-08-17 13:07 ` David Mosberger
  0 siblings, 0 replies; 2+ messages in thread
From: David Mosberger @ 2004-08-17 13:07 UTC (permalink / raw)
  To: linux-ia64

>>>>> On Tue, 17 Aug 2004 14:50:46 +0200, Francois Wellenreiter <Francois.Wellenreiter@Ext.Bull.Net> said:

  Francois> Apparently a little bug was introduced in 2.6.7 kernel dealing with IRQ
  Francois> redirection managemant via proc filesystem.
  Francois> The behavior is quite simple, just type :

  Francois> echo "r 00000001" > /proc/irq/{xy}/smp_affinity

  Francois> where {xy} is a valid irq, and your kernel will crash.

Already fixed.  See:

 http://linux.bkbits.net:8080/linux-2.5/cset@1.1807.3.42

	--david

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-08-17 13:07 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-08-17 12:50 writing to "/proc/irq/xxxx/smp_affinity" produces a kernel crash Francois Wellenreiter
2004-08-17 13:07 ` David Mosberger

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox